Vulnerability Description
The getdirective function in mathtex.cgi in mathTeX, when downloaded before 20090713, allows remote attackers to execute arbitrary commands via shell metacharacters in the dpi tag.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Forkosh | Mathtex | - |
Related Weaknesses (CWE)
References
- http://groups.google.com/group/comp.text.tex/browse_thread/thread/5d56d3d7443515
- http://secunia.com/advisories/35816Vendor Advisory
- http://www.ocert.org/advisories/ocert-2009-010.html
- http://www.securityfocus.com/archive/1/504919/100/0/threaded
- http://www.vupen.com/english/advisories/2009/1875Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51795
- http://groups.google.com/group/comp.text.tex/browse_thread/thread/5d56d3d7443515
- http://secunia.com/advisories/35816Vendor Advisory
- http://www.ocert.org/advisories/ocert-2009-010.html
- http://www.securityfocus.com/archive/1/504919/100/0/threaded
- http://www.vupen.com/english/advisories/2009/1875Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51795
FAQ
What is CVE-2009-1383?
CVE-2009-1383 is a vulnerability with a CVSS score of 7.5 (HIGH). The getdirective function in mathtex.cgi in mathTeX, when downloaded before 20090713, allows remote attackers to execute arbitrary commands via shell metacharacters in the dpi tag.
How severe is CVE-2009-1383?
CVE-2009-1383 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-1383?
Check the references section above for vendor advisories and patch information. Affected products include: Forkosh Mathtex.